Staff Threat Hunter

Company Overview: TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the AI-Native MDR landscape.

We're a fast growing startup backed by industry experts and top tier investors led by Crosspoint Capital Partners and also backed by Shield Capital, DTCP (formerly Deutsche Telekom Capital Partners), Deepwork Capital, and the Florida Opportunity Fund. Seed round led by Andreessen Horowitz (a16z). As an early employee, you'll play a meaningful role in defining and building our culture. Get in on the ground floor. We're a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.

Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.

About the Opportunity: As Staff Threat Hunter, you'll own how TENEX hunts — the methodology, the tooling, the hypotheses, and the conversion of hunt findings into production detections. You'll work across multi-tenant MDR telemetry in Google SecOps / Chronicle, partnering with detection engineering to close the gaps automated alerting misses. This is a senior IC role — you set the technical direction for how hunting works at TENEX. Reports to the VP, Security.

What You'll Do:

• Lead proactive, hypothesis-driven hunts. Run investigations across SIEM, EDR, network, and identity telemetry to surface the threats automated detection misses.

• Own the hunt methodology. Build, document, and refine the playbooks the team runs from. Decide what gets hunted, on what cadence, and how findings convert into permanent detections.

• Drive the detection engineering partnership. Work directly with detection engineers to turn hunt findings into production rules and analytics in Google SecOps / Chronicle.

• Operationalize Threat Intelligence. Track adversary TTPs relevant to our customer base, prioritize what matters, and translate intel into hunt hypotheses.

• Mentor SOC analysts and junior hunters. Pair on investigations, lead technical deep-dives, and grow the team's hunt capability.

• Lead complex incident investigations. When a hunt surfaces a real intrusion, run the technical investigation alongside incident response through containment.

• Report on program outcomes. Communicate findings to customers and internal stakeholders — what was found, what was contained, where the detection coverage gap was, and what we changed.

What You Bring:

• 8+ years in threat hunting, SOC, or incident response, with at least 3 in a senior/lead capacity

• Deep hands-on experience running hypothesis-driven hunts across SIEM and EDR telemetry in enterprise or MDR environments

• Hands-on hunting experience in Google SecOps / Chronicle, or equivalent cloud-native SIEM (Sentinel, Splunk Cloud) with willingness to standardize on Chronicle

• Strong command of attacker TTPs and MITRE ATT&CK — you can map an intrusion from initial access through impact and explain the detection gap at each stage

• Scripting fluency in Python and/or PowerShell for hunt tooling, telemetry parsing, and detection automation

Bonus Points:

• Microsoft security stack (Sentinel, Defender) depth

• SOAR platform experience (Tines, XSOAR, Chronicle SOAR)

• Cloud security depth in AWS, Azure, or GCP, including cloud-native attack patterns

• Published research, conference talks, or open-source contributions in threat hunting or detection engineering

Education & Certifications:

• Bachelor's degree in Computer Science, Cybersecurity, or Engineering, or a related field (or equivalent experience).

• Relevant certifications such as GCIH, GCFA, GCDA, OSCP, CISSP, AWS / GCP, or Splunk / Chronicle / Sentinel certifications are a plus.

Why Join Us?

• Opportunity to define the threat hunting practice at an automation-first MDR provider — your methodology becomes the standard our customers run on.

• Collaborate with a talented and innovative team focused on continuously improving security operations.

• Competitive salary and benefits package.

• A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.